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DETAILED ACTION 

1. Claims 1-30 have been examined. Claims 1, 20, and 30 are independent claims. 
The priority date recognized for this application is 07/15/2003. 

Information Disclosure Statement 

2. The Office acknowledges receipt of the Information Disclosure Statement filed on 
03/01/2004. It has been placed in the application file and the information referred to 
therein has been considered by the examiner. 

Oath/Declaration 

3. The Office acknowledges receipt of a properly signed oath/declaration filed on 
07/15/2003. 

Claim Objections 

4. Claim 23 is objected to because of the following informalities: Claim 23 recites in 
line 1 "the static analysis framework as claimed in Claim 18". It appears to be a 
typographical error. For compact prosecution purposes, the examiner interprets the 
claim language to instead read - The method as defined in claim 20 Appropriate 
correction is required. 

Claim Rejections - 35 USC §112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112:. 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 
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6. Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

In line 8 of Claim 1 , applicant recites the limitation "coding errors may occur, 
control and data flow analysis". It is unclear what applicant means by this statement. 
Claims 2-19 are also rejected as being dependent on Claim 1 . 

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

8. Claims 1-30 are rejected under 35 U.S.C 102(b) as being anticipated by Saxe et 
al US 6,477,702 (hereinafter Saxe). 

Claim 1: 

Saxe disclose a method for analyzing software code (see for example FIG. 1 , and 
related text) comprising the steps of: 

a) automatically generating program graphs representing said code utilizing static 
analysis techniques (see for example column 6, lines 38-44, FIGs. 1 & 13, and related 
text); 
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b) automatically applying a set of rules to said program flow analysis graphs (see 
for example column 6, lines 53-60, FIG. 2, and related text); 

c) automatically identifying potential software problems from rules set analysis 
results (see for example column 6, lines 61-65, FIG. 2, and related text); and, 

d) reporting said software problems where one or more of best practices 
violations and coding errors may occur control and data flow analysis (see for example 
column 6, lines 61-67, FIG. 2, step 205, and related text). 

Claim 2: 

Saxe further discloses the method according to Claim 1 , wherein said rules set 
represents one or more selected from the group comprising: use of best practices and 
common coding errors, or combinations thereof (see for example column 7, lines 27-45, 
FIG. 2, item 220, and related text). 
Claim 3: 

Saxe further discloses the method according to Claim 1 , wherein said reporting d) 
includes presenting the results in the context of corresponding source code or object 
code (see for example FIG. 2, item 205, 209, 210, and related text). 
Claim 4: 

Saxe further discloses the method according to Claim 1, wherein step b) includes 
performing rule searches applied to said program graphs (see for example column 7, 
lines 1-18). 
Claim 5: 
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Saxe further discloses the method according to Claim 1 , wherein said software code 
subject to said static analysis techniques comprises one or more selected from the 
group comprising: object code, source code, a compiler intermediate representation, of 
said software code, and other program representations, or combinations thereof (see 
for example FIG. 1, item 110, and related text). 
Claim 6: 

Saxe further discloses the method according to Claim 3, wherein a program graph 
includes a control analysis graph, said static analysis technique automatically 
generating said control analysis graphs from said software code (see for example FIGs 
7 & 8, and related text). 
Claim 7: 

Saxe further discloses the method according to Claim 3, wherein a program graph 
includes a data flow analysis graph, said static analysis technique automatically 
generating said data flow analysis graph from said software code (see for example FIGs 
7 & 8, and related text). 
Claim 8: 

Saxe further discloses the method according to Claim 3, wherein a program graph 
includes an intraprocedural control graph (see for example column 10, lines 30-50), said 
static analysis technique automatically generating said intraprocedural control graphs 
from said software code. 
Claim 9: 
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Saxe further discloses the method according to Claim 3, wherein a program graph 
includes an interprocedural control graphs, said static analysis technique includes 
automatically generating said interprocedural control graphs from said software code 
(see for example column 10, lines 30-50). 
Claim 10: 

Saxe further discloses the method according to Claim 5 wherein said static code 
analysis further includes automatically identifying classes, fields, methods and class 
attributes, said set of rules being further applied to said classes and class attributes 
(see for example FIG. 2, item 202, and related text). 
Claim 11: 

Saxe further discloses the method according to Claim 5 wherein said static code 
analysis further includes automatically identifying attributes of classes, methods, fields, 
and aspects of a programs body (see for example FIG. 2, item 202, and related text). 
Claim 12: 

Saxe further discloses the method according to Claim 5, wherein said step b) further 

* 

includes the step of: receiving said program graphs and class attributes information and 

4 

performing a graph rewriting technique (see for example FIG. 13, step 1304, and related 
text). 

Claim 13: 

Saxe further discloses the method according to Claim 12, wherein a result of applying 
graph rewriting includes generating a run-time characteristics model for said program 
(see for example column 7, lines 27-37). 



Application/Control Number: 10/620,078 Page 7 

Art Unit: 2192 

Claim 14: 

Saxe further discloses the method according to Claim 12, wherein said step b) further 
includes the step of receiving said program graphs and attributes information, and 
performing a reachability analysis (see for example column 1 1 , lines 10-17). 
Claim 15: 

Saxe further discloses the method according to Claim 14, wherein said reachability 
analysis is performed with or without constraints (see for example column 1 1 , lines 10- 
17). 

Claim 16: 

Saxe further discloses the method according to Claim 14, further comprising the step of 
employing a rule search engine (see for example FIG. 2, items 204, 220, and related 
text) to automatically apply a set of rules (see for example FIG. 2, item 220, and related 
text) to said rewrite graph results, reachability analysis results and attributes to identify 
one or more selected from the group of: possible performance errors or problems 
concerning correctness, security, privacy and maintainability of said software code (see 
for example column 6, lines 5-21). 
Claim 17: 

Saxe further discloses the method according to Claim 14, wherein said rewrite graph 
technique includes traversing a program graph to locate nodes containing attributes of 
interest and to locate edges to add or remove from said program graph (see for 
example column 11, lines 52-60, FIG. 12, and related text). 
Claim 18: 
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Saxe further discloses the method according to Claim 17, wherein said reachability 
analysis includes traversing the program graphs and adding or removing edges to 
extend or reduce reachability, respectively (see for example column 1 1 , lines 52-60). 
Claim 19: 

Saxe further discloses the method according to Claim 18, wherein a rule is applied to 
determine whether a node representing a particular method is reachable by traversing 
said graph from a particular head node, said head node being user selectable (see for 
example FIG. 13, and related text). 
Claim 20: 

Saxe discloses a static analysis framework for analyzing software code said framework 
comprising: 

means for automatically generating program graphs (see for example column 6, 
lines 38-44, FIG. 1, and related text); 

rule search engine for automatically applying a set of rules to said program 
graphs (see for example column 6, lines 53-60, FIG. 2, item 220, and related text)); 

means for automatically identifying potential software problems from rules set 
analysis result (see for example column 6, lines 61-65); and, 

means for reporting said problems to enable correction of instances where one 
or more of best practices violations and common coding errors may occur (see for 
example FIG. 2, item 205, and related text). 
Claim 21: 
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Saxe further discloses the static analysis framework as claimed in Claim 20, wherein 
said rules set represents one or more selected from the group comprising: use of best 
practices and common coding errors, or combinations thereof (see for example column 
7, lines 27-45). 
Claim 22: 

Saxe further discloses the static analysis framework as claimed in Claim 20, wherein 
said software code comprises scalable componentized applications according to a 
software development platform (see for example FIG. 1, item 120, FIG. 2, item 220, and 
related text). 
Claim 23: 

Saxe further discloses the static analysis framework as claimed in Claim 18, wherein 
said program graphs include one or more selected from the group comprising: a control 
analysis graph, a data flow analysis graph (see for example FIGs. 7 & 8, and related 
text), an intraprocedural control flow graph and an inteprocedural control flow graph, 
said static analysis technique automatically generating a respective one of said control 
analysis graph, data flow analysis graph, intraprocedural control flow graph and 
inteprocedural control flow graph from said software code (see for example column 6, 
lines 38-44). 
Claim 24: 

Saxe further discloses the static analysis framework as claimed in Claim 23, further 
including means for automatically identifying classes, fields, methods and class , 
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attributes, said set of rules being further applied to said classes and class attributes 
(see for example FIG. 2, item 202, and related text). 
Claim 25: 

Saxe further discloses the static analysis framework as claimed in Claim 23, wherein 
said static code analysis further includes automatically identifying attributes of classes, 
methods, fields, and aspects of a program's body (see for example FIG. 2, item 202, 
and related text). 
Claim 26: 

Saxe further discloses the static analysis framework as claimed in Claim 20, wherein 
said means for automatically generating program graphs includes means for performing 
graph rewriting (see for example FIG. 13, step 1304, and related text). 
Claim 27: 

Saxe further discloses the static analysis framework as claimed in Claim 26, wherein 
results of said graph rewriting include a run-time characteristics model for said program 
(see for example column 7, lines 27-37). 
Claim 28: 

Saxe further discloses the static analysis framework as claimed in Claim 26, wherein 
said means for automatically generating program graphs includes: means for 
performing a reachability analysis, said reachability analysis being performed with or 
without constraints (see for example column 11, lines 10-17). 
Claim29: 



Application/Control Number: 10/620,078 Page 1 1 

Art Unit: 2192 

Saxe further discloses the static analysis framework as claimed in Claim 28, wherein 
said rule search engine automatically applies a set of rules to said rewrite graph results, 
reachability analysis results and attributes to identify one or more of: possible 
performance errors or problems concerning correctness, security and privacy of said 
software code (see for example column 6, lines 5-21). 
Claim 30: 

Claim 30 is a computer program device readable by a machine version of the claimed 
method step discussed in claim above, wherein all claim limitations have been 
addressed and/or covered in cited areas as set forth above. Thus, accordingly, these 
claims are also anticipated by Saxe. 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew Y. Chou whose telephone number is (571) 272- 
6829. The examiner can normally be reached on Monday-Friday, 8:00 am - 4:30 pm. If 
attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tuan Q. Dam, can be reached on (571) 272-3695. 

The fax phone number for the organization where this application or proceeding 
is assigned is (571) 273 8300. 
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Any inquiry of a general nature of relating to the status of this application or 
proceeding should be directed tot eh TC 2100 Group receptionist whose telephone 
number is (571)272 2100. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov . Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll free). 




